PatchSiren cyber security CVE debrief
CVE-2025-31357 Growatt CVE debrief
CVE-2025-31357 is an unauthenticated information disclosure issue in Growatt cloud applications. According to CISA’s CSAF advisory, an attacker who knows a username can obtain that user’s plant list in Growatt cloud portal versions up to 3.6.0. The issue is scored 5.3 (Medium) under CVSS 3.1, and the supplied vector records a confidentiality impact only. CISA’s advisory says the cloud-based vulnerabilities were patched and that no user action is needed for the fix, while also recommending standard account-hardening and security-hygiene steps.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Organizations and individuals using Growatt cloud portal, especially administrators and installers managing customer plants, should care. Because the issue is unauthenticated and username-based, teams should treat any exposed Growatt cloud account data as potentially retrievable by a remote party.
Technical summary
The supplied advisory describes a remote, unauthenticated disclosure condition in Growatt cloud portal (affected version range: <= 3.6.0). Knowing a valid username is sufficient to retrieve a user’s plant list. The published CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network reachability with no privileges required, no user interaction, and confidentiality impact only.
Defensive priority
Medium. The issue is easy to reach remotely and requires no authentication, but the documented impact is limited to confidentiality and the vendor states the cloud-side fix has been applied. Prioritize review if you operate Growatt cloud portal accounts or have sensitive operational plant data exposed through the service.
Recommended defensive actions
- Confirm whether any organization accounts use Growatt cloud portal versions at or below 3.6.0 and verify the vendor-applied fix is present.
- Review account and plant-list access patterns for unexpected lookups or abnormal usage tied to known usernames.
- Use strong passwords and enable multi-factor authentication where applicable, consistent with Growatt’s guidance.
- Continue to monitor user and installer accounts for unusual activity and report concerns to Growatt through its published security contact.
- Apply general ICS security best practices and defense-in-depth measures from CISA resources when managing connected cloud services.
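The second action above, reviewing plant-list access for lookups that are not tied to the account owner, is easier to reason about with concrete logic. The following is an added example and not Growatt's code or log format: the advisory does not describe what the portal records, so the CSV layout, field names and sample rows are assumptions constructed for illustration. The logic flags plant-list lookups where the requesting session is absent or belongs to a different account, and source addresses that query several distinct usernames within a short window, which is the access pattern a defender would expect the disclosed condition to produce.

```python
"""Review of plant-list lookup records for non-owner and multi-username access.

Added example, not Growatt's code. The export format below is a hypothetical
CSV (timestamp, source_ip, session_user, target_user, action); the advisory
gives no logging details, so treat the columns as assumptions to adapt.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (hypothetical format, not real portal data).
# An empty session_user means the lookup was not made from a logged-in session.
SAMPLE_EXPORT = """timestamp,source_ip,session_user,target_user,action
2025-04-16T08:00:01Z,198.51.100.7,alice,alice,plant_list
2025-04-16T08:00:05Z,198.51.100.7,alice,alice,plant_list
2025-04-16T09:12:00Z,203.0.113.9,,bob,plant_list
2025-04-16T09:12:02Z,203.0.113.9,,carol,plant_list
2025-04-16T09:12:03Z,203.0.113.9,,dave,plant_list
2025-04-16T09:12:04Z,203.0.113.9,,erin,plant_list
2025-04-16T10:30:00Z,192.0.2.44,installer1,bob,plant_list
2025-04-16T11:00:00Z,198.51.100.8,carol,carol,plant_list
"""


def parse_export(text: str) -> list:
    """Parse the hypothetical CSV export into dicts with datetime timestamps."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(row)
    return rows


def non_owner_lookups(rows: list, trusted_sessions=()) -> list:
    """Plant-list lookups whose session user is missing or differs from the
    account looked up. Installer or admin accounts that legitimately view
    customer plants are passed in trusted_sessions so they are not flagged."""
    return [
        r for r in rows
        if r["action"] == "plant_list"
        and r["session_user"] != r["target_user"]
        and r["session_user"] not in trusted_sessions
    ]


def multi_user_sources(rows: list, threshold: int = 3,
                       window: timedelta = timedelta(minutes=5)) -> dict:
    """Source IPs that looked up at least `threshold` distinct target users
    within `window`; returns {ip: sorted list of target users seen}."""
    by_ip = defaultdict(list)
    for r in rows:
        if r["action"] == "plant_list":
            by_ip[r["source_ip"]].append(r)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda r: r["timestamp"])
        for i, start in enumerate(events):
            # Sliding window anchored at each event; stop at the first hit.
            users = {e["target_user"] for e in events[i:]
                     if e["timestamp"] - start["timestamp"] <= window}
            if len(users) >= threshold:
                flagged[ip] = sorted(users)
                break
    return flagged


if __name__ == "__main__":
    records = parse_export(SAMPLE_EXPORT)
    for r in non_owner_lookups(records, trusted_sessions={"installer1"}):
        print("non-owner lookup:", r["timestamp"], r["source_ip"], r["target_user"])
    for ip, users in multi_user_sources(records).items():
        print("multi-username source:", ip, users)
```

Run against the constructed rows, the unauthenticated source 203.0.113.9 is reported for four usernames within five seconds, while alice and carol viewing their own plants and the trusted installer session are not. The threshold and window are starting points; tune them against a baseline of normal installer activity before treating a hit as an incident.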
Evidence notes
This debrief is based on the supplied CISA CSAF advisory for ICSA-25-105-04 and the CVE record metadata provided in the source corpus. The advisory explicitly states: “An unauthenticated attacker can obtain a user's plant list by knowing the username.” The affected product entry is “Growatt cloud portal: <=3.6.0.” The revision history shows an initial publication on 2025-04-15 and a later revision on 2025-05-06 for typo fixes. No KEV listing was provided in the corpus.
Official resources
- CVE-2025-31357 CVE record (CVE.org)
- CVE-2025-31357 NVD detail (NVD)
- Source item: cisa_csaf (CISA CSAF advisory ICSA-25-105-04)
CVE published: 2025-04-15T06:00:00.000Z. Source advisory published: 2025-04-15T06:00:00.000Z and modified: 2025-05-06T06:00:00.000Z; the later change is noted as a typo fix in the source revision history.